EFF Issues Open Letter on Rootkit Controversy

San Francisco - Sony-BMG's damaging secret rootkit technology has potentially infected millions of computers around the world. Now, the Electronic Frontier Foundation (EFF) is asking Sony-BMG to publicly commit to fixing the problems it has caused for its music fans and take steps to reassure the public that its future CDs will respect its customers' ownership of their computer.

While Sony-BMG belatedly announced a decision to halt manufacturing of CDs with the rootkit software, this is only a small step in the right direction, since reports indicate that over 2.1 million infected disks have been sold already and 2.6 million remain unsold in the stream of commerce. In an open letter to Sony published Monday, EFF spells out the steps that should be taken by Sony to prevent future harm and repair the damage done to computer equipment and consumers' privacy. The letter includes discussions concerning Sony's XCP software as well as its use of SunComm MediaMax software, which has similar problems.

"Sony-BMG should treat its customers with respect and fairness instead it acted little better than the thugs who unleash stealth computer viruses on the public," said EFF Staff Attorney Corynne McSherry. "Halting production is not enough. Sony needs to take steps to fix that damage it has already caused and ensure that nothing like this happens again in the future."

Among the make-good measures recommended by EFF: a recall of all XCP and SunnComm MediaMax-infected CDs, from both consumers and store shelves a guarantee to repair, replace, or refund the purchase price of the CDs to anyone who bought the merchandise and a major publicity campaign warning about the security risks of XCP and SunnComm MediaMax.

"Sony-BMG must have spent a great deal of money advertising these infected CDs to an unsuspecting public," said EFF Staff Attorney Jason Schultz. "We think that it's only fair that an equal amount of money is spent educating the public on the damage that the product could cause to consumers around the world."

EFF believes that Sony-BMG should pay all consumer costs associated with the damage caused by the XCP or SunnComm MediaMax technology. Additionally, Sony should also compensate people for the time, effort, and expense required to verify that their computer was or was not infected with the rootkit.

"Sony-BMG needs to be strongly reminded that it doesn't own your computer, you do," said EFF Senior Staff Attorney Fred von Lohmann.

For the full text of the open letter to Sony:


Corynne McSherry
Staff Attorney
Electronic Frontier Foundation

Jason Schultz
Staff Attorney
Electronic Frontier Foundation

Fred von Lohmann
Senior Intellectual Property Attorney
Electronic Frontier Foundation